Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/common.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 95 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 10 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 3 | ||||
| -rw-r--r-- | phpBB/index.php | 2 | ||||
| -rw-r--r-- | phpBB/language/en/ucp.php | 1 | ||||
| -rw-r--r-- | phpBB/viewforum.php | 4 | 
7 files changed, 94 insertions, 28 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index c6bb5c6cfe..6943b02fa0 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -29,6 +29,8 @@ if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 if (!defined('PHPBB_INSTALLED'))
 {
 	// Redirect the user to the installer
+	require($phpbb_root_path . 'includes/functions.' . $phpEx);
+
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
@@ -41,10 +43,13 @@ if (!defined('PHPBB_INSTALLED'))
 		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
 	}
+	// $phpbb_root_path accounts for redirects from e.g. /adm
+	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx;
 	// Replace any number of consecutive backslashes and/or slashes with a single slash
 	// (could happen on some proxy setups and/or Windows servers)
-	$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
 	$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+	// Eliminate . and .. from the path
+	$script_path = phpbb_clean_path($script_path);
 	$url = (($secure) ? 'https://' : 'http://') . $server_name;
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 2e42dfe94e..43b81f3f26 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1018,6 +1018,36 @@ else
 	}
 }
+/**
+* Eliminates useless . and .. components from specified path.
+*
+* @param string $path Path to clean
+* @return string Cleaned path
+*/
+function phpbb_clean_path($path)
+{
+	$exploded = explode('/', $path);
+	$filtered = array();
+	foreach ($exploded as $part)
+	{
+		if ($part === '.' && !empty($filtered))
+		{
+			continue;
+		}
+
+		if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
+		{
+			array_pop($filtered);
+		}
+		else
+		{
+			$filtered[] = $part;
+		}
+	}
+	$path = implode('/', $filtered);
+	return $path;
+}
+
 // functions used for building option fields
 /**
@@ -1280,6 +1310,10 @@ function phpbb_timezone_select($user, $default = '', $truncate = false)
 * Marks a topic/forum as read
 * Marks a topic as posted to
 *
+* @param string $mode (all, topics, topic, post)
+* @param int|bool $forum_id Used in all, topics, and topic mode
+* @param int|bool $topic_id Used in topic and post mode
+* @param int $post_time 0 means current time(), otherwise to set a specific mark time
 * @param int $user_id can only be used with $mode == 'post'
 */
 function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
@@ -1287,6 +1321,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 	global $db, $user, $config;
 	global $request;
+	$post_time = ($post_time === 0 || $post_time > time()) ? time() : (int) $post_time;
+
 	if ($mode == 'all')
 	{
 		if ($forum_id === false || !sizeof($forum_id))
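Review bot: In `phpbb_clean_path()` the `..` branch pops whatever element is last, including the empty first element that stands for the leading slash, so `/../install/index.php` comes back as the relative `install/index.php`. The caller added in common.php builds its argument from `REQUEST_URI` and `$phpbb_root_path` and the result is presumably appended to the redirect `$url`, so the cleaned path should stay absolute. Adding `if ($part === '..' && $filtered === array('')) { continue; }` ahead of the existing `..` test keeps the root in place. The docblock should also say how a leading `..` and an absolute path are treated.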
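Review bot: The new clamp on `$post_time` at the top of markread() has an upper bound but no lower bound, and the strict `=== 0` test only catches an integer zero, so a negative or very small value passes through `(int)` unchanged. The callers changed in functions_display.php and viewforum.php pass `request_var('mark_time', 0)` from the URL, and the `'global'` link hash does not cover that parameter; later hunks then use the value in `$post_time + 31536000` for the tracking cookie's expiry and in `base_convert($post_time - $config['board_startdate'], 10, 36)`. Cast first and bound below as well, e.g. `$post_time = (int) $post_time;` followed by `if ($post_time <= $config['board_startdate'] || $post_time > time()) { $post_time = time(); }`, and keep the cookie expiry on `time() + 31536000`. markread()'s body continues outside the hunk.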
@@ -1294,9 +1330,20 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			if ($config['load_db_lastread'] && $user->data['is_registered'])
 			{
 				// Mark all forums read (index page)
-				$db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
-				$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
-				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
+				$tables = array(TOPICS_TRACK_TABLE, FORUMS_TRACK_TABLE);
+				foreach ($tables as $table)
+				{
+					$sql = 'DELETE FROM ' . $table . "
+						WHERE user_id = {$user->data['user_id']}
+							AND mark_time < $post_time";
+					$db->sql_query($sql);
+				}
+
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_lastmark = $post_time
+					WHERE user_id = {$user->data['user_id']}
+						AND user_lastmark < $post_time";
+				$db->sql_query($sql);
 			}
 			else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 			{
@@ -1306,16 +1353,20 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				unset($tracking_topics['tf']);
 				unset($tracking_topics['t']);
 				unset($tracking_topics['f']);
-				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
+				$tracking_topics['l'] = base_convert($post_time - $config['board_startdate'], 10, 36);
-				$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
+				$user->set_cookie('track', tracking_serialize($tracking_topics), $post_time + 31536000);
 				$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking_topics), phpbb_request_interface::COOKIE);
 				unset($tracking_topics);
 				if ($user->data['is_registered'])
 				{
-					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
+					$sql = 'UPDATE ' . USERS_TABLE . "
+						SET user_lastmark = $post_time
+						WHERE user_id = {$user->data['user_id']}
+							AND user_lastmark < $post_time";
+					$db->sql_query($sql);
 				}
 			}
 		}
@@ -1337,12 +1388,14 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 		{
 			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
 				WHERE user_id = {$user->data['user_id']}
+					AND mark_time < $post_time
 					AND " . $db->sql_in_set('forum_id', $forum_id);
 			$db->sql_query($sql);
 			$sql = 'SELECT forum_id
 				FROM ' . FORUMS_TRACK_TABLE . "
 				WHERE user_id = {$user->data['user_id']}
+					AND mark_time < $post_time
 					AND " . $db->sql_in_set('forum_id', $forum_id);
 			$result = $db->sql_query($sql);
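Review bot: The added `AND mark_time < $post_time` on the `SELECT forum_id` in the `@@ -1337` hunk narrows the set of forums treated as already tracked, so a forum whose row carries an equal or newer mark is no longer returned. If the code after this hunk (not visible here) inserts a row for every requested forum missing from that result, it would now attempt a second row for such a forum. The same question applies to the topic UPDATE in the `@@ -1426` hunk and the INSERT in `@@ -1441`, if that insert is keyed on affected rows. It is worth confirming that those inserts tolerate an existing row, or selecting existing rows without the time filter and applying the filter only to the UPDATE.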
@@ -1355,9 +1408,10 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			if (sizeof($sql_update))
 			{
-				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
-					SET mark_time = ' . time() . "
+				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . "
+					SET mark_time = $post_time
 					WHERE user_id = {$user->data['user_id']}
+						AND mark_time < $post_time
 						AND " . $db->sql_in_set('forum_id', $sql_update);
 				$db->sql_query($sql);
 			}
@@ -1370,7 +1424,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 					$sql_ary[] = array(
 						'user_id'	=> (int) $user->data['user_id'],
 						'forum_id'	=> (int) $f_id,
-						'mark_time'	=> time()
+						'mark_time'	=> $post_time,
 					);
 				}
@@ -1401,7 +1455,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 					unset($tracking['f'][$f_id]);
 				}
-				$tracking['f'][$f_id] = base_convert(time() - $config['board_startdate'], 10, 36);
+				$tracking['f'][$f_id] = base_convert($post_time - $config['board_startdate'], 10, 36);
 			}
 			if (isset($tracking['tf']) && empty($tracking['tf']))
@@ -1409,7 +1463,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				unset($tracking['tf']);
 			}
-			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
+			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
 			$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
 			unset($tracking);
@@ -1426,9 +1480,10 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 		if ($config['load_db_lastread'] && $user->data['is_registered'])
 		{
-			$sql = 'UPDATE ' . TOPICS_TRACK_TABLE . '
-				SET mark_time = ' . (($post_time) ? $post_time : time()) . "
+			$sql = 'UPDATE ' . TOPICS_TRACK_TABLE . "
+				SET mark_time = $post_time
 				WHERE user_id = {$user->data['user_id']}
+					AND mark_time < $post_time
 					AND topic_id = $topic_id";
 			$db->sql_query($sql);
@@ -1441,7 +1496,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 					'user_id'		=> (int) $user->data['user_id'],
 					'topic_id'		=> (int) $topic_id,
 					'forum_id'		=> (int) $forum_id,
-					'mark_time'		=> ($post_time) ? (int) $post_time : time(),
+					'mark_time'		=> $post_time,
 				);
 				$db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
@@ -1461,7 +1516,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				$tracking['tf'][$forum_id][$topic_id36] = true;
 			}
-			$post_time = ($post_time) ? $post_time : time();
 			$tracking['t'][$topic_id36] = base_convert($post_time - $config['board_startdate'], 10, 36);
 			// If the cookie grows larger than 10000 characters we will remove the smallest value
@@ -1497,7 +1551,12 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				if ($user->data['is_registered'])
 				{
 					$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
-					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
+
+					$sql = 'UPDATE ' . USERS_TABLE . "
+						SET user_lastmark = $post_time
+						WHERE user_id = {$user->data['user_id']}
+							AND mark_time < $post_time";
+					$db->sql_query($sql);
 				}
 				else
 				{
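Review bot: The rewritten `UPDATE ' . USERS_TABLE` in the `@@ -1497` hunk filters on `mark_time < $post_time`, while every other USERS_TABLE update in this commit filters on `user_lastmark`; `mark_time` is the column used with the tracking tables, so this query presumably errors out. It also stores `$post_time`, although the line above has just computed `$user->data['user_lastmark']` from the pruned cookie keys and the removed query stored that value, so the database and the session copy now diverge. Suggested lines: `SET user_lastmark = {$user->data['user_lastmark']}` and `AND user_lastmark < {$user->data['user_lastmark']}`. The enclosing branch of markread() starts and ends outside the hunk.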
@@ -1505,7 +1564,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 				}
 			}
-			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
+			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
 			$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
 		}
@@ -1527,7 +1586,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
 			$sql_ary = array(
 				'user_id'		=> (int) $use_user_id,
 				'topic_id'		=> (int) $topic_id,
-				'topic_posted'	=> 1
+				'topic_posted'	=> 1,
 			);
 			$db->sql_query('INSERT INTO ' . TOPICS_POSTED_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 8328b9ee7a..73129803ee 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -54,12 +54,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	// Handle marking everything read
 	if ($mark_read == 'all')
 	{
-		$redirect = build_url(array('mark', 'hash'));
+		$redirect = build_url(array('mark', 'hash', 'mark_time'));
 		meta_refresh(3, $redirect);
 		if (check_link_hash(request_var('hash', ''), 'global'))
 		{
-			markread('all');
+			markread('all', false, false, request_var('mark_time', 0));
 			trigger_error(
 				$user->lang['FORUMS_MARKED'] . '<br /><br />' .
@@ -305,11 +305,11 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	// Handle marking posts
 	if ($mark_read == 'forums')
 	{
-		$redirect = build_url(array('mark', 'hash'));
+		$redirect = build_url(array('mark', 'hash', 'mark_time'));
 		$token = request_var('hash', '');
 		if (check_link_hash($token, 'global'))
 		{
-			markread('topics', $forum_ids);
+			markread('topics', $forum_ids, false, request_var('mark_time', 0));
 			$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
 			meta_refresh(3, $redirect);
@@ -551,7 +551,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	}
 	$template->assign_vars(array(
-		'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums') : '',
+		'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
 		'S_HAS_SUBFORUM'	=> ($visible_forums) ? true : false,
 		'L_SUBFORUM'		=> ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
 		'LAST_POST_IMG'		=> $user->img('icon_topic_latest', 'VIEW_LATEST_POST'),
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index d8bcd374fe..934ff566cc 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -749,7 +749,8 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 			$return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX';
-			$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');
+			$save_message = ($action === 'edit') ? $user->lang['MESSAGE_EDITED'] : $user->lang['MESSAGE_STORED'];
+			$message = $save_message . '<br /><br />' . $user->lang('VIEW_PRIVATE_MESSAGE', '<a href="' . $return_message_url . '">', '</a>');
 			$last_click_type = 'CLICK_RETURN_FOLDER';
 			if ($folder_url)
diff --git a/phpBB/index.php b/phpBB/index.php
index 0ac8034d7f..66e1b2114b 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -167,7 +167,7 @@ $template->assign_vars(array(
 	'S_LOGIN_ACTION'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
 	'S_DISPLAY_BIRTHDAY_LIST'	=> ($config['load_birthdays']) ? true : false,
-	'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums') : '',
+	'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
 	'U_MCP'				=> ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '')
 );
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 648de587aa..705b07b170 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -268,6 +268,7 @@ $lang = array_merge($lang, array(
 	'MESSAGE_BY_AUTHOR'				=> 'by',
 	'MESSAGE_COLOURS'				=> 'Message colours',
 	'MESSAGE_DELETED'				=> 'Message successfully deleted.',
+	'MESSAGE_EDITED'				=> 'Message successfully edited.',
 	'MESSAGE_HISTORY'				=> 'Message history',
 	'MESSAGE_REMOVED_FROM_OUTBOX'	=> 'This message was deleted by its author.',
 	'MESSAGE_SENT_ON'				=> 'on',
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index 03c2bb286f..83e5d4caa5 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -176,7 +176,7 @@ if ($mark_read == 'topics')
 	$token = request_var('hash', '');
 	if (check_link_hash($token, 'global'))
 	{
-		markread('topics', array($forum_id));
+		markread('topics', array($forum_id), false, request_var('mark_time', 0));
 	}
 	$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
 	meta_refresh(3, $redirect_url);
@@ -340,7 +340,7 @@ $template->assign_vars(array(
 	'U_MCP'				=> ($auth->acl_get('m_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "f=$forum_id&i=main&mode=forum_view", true, $user->session_id) : '',
 	'U_POST_NEW_TOPIC'	=> ($auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=post&f=' . $forum_id) : '',
 	'U_VIEW_FORUM'		=> append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id" . ((strlen($u_sort_param)) ? "&$u_sort_param" : '') . (($start == 0) ? '' : "&start=$start")),
-	'U_MARK_TOPICS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics") : '',
+	'U_MARK_TOPICS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics&mark_time=" . time()) : '',
 ));
 // Grab icons  |
